package com.yahoo.elide.security.permissions;

import com.yahoo.elide.annotation.ReadPermission;
import com.yahoo.elide.core.CheckInstantiator;
import com.yahoo.elide.core.EntityDictionary;
import com.yahoo.elide.core.RequestScope;
import com.yahoo.elide.core.filter.expression.FilterExpression;
import com.yahoo.elide.core.filter.expression.OrFilterExpression;
import com.yahoo.elide.parsers.expression.FilterExpressionNormalizationVisitor;
import com.yahoo.elide.parsers.expression.PermissionExpressionVisitor;
import com.yahoo.elide.parsers.expression.PermissionToFilterExpressionVisitor;
import com.yahoo.elide.security.ChangeSpec;
import com.yahoo.elide.security.PersistentResource;
import com.yahoo.elide.security.checks.Check;
import com.yahoo.elide.security.permissions.expressions.AnyFieldExpression;
import com.yahoo.elide.security.permissions.expressions.CheckExpression;
import com.yahoo.elide.security.permissions.expressions.Expression;
import com.yahoo.elide.security.permissions.expressions.OrExpression;
import com.yahoo.elide.security.permissions.expressions.SpecificFieldExpression;
import java.lang.annotation.Annotation;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors;
import org.antlr.v4.runtime.tree.ParseTree;

/* loaded from: input_file:com/yahoo/elide/security/permissions/PermissionExpressionBuilder.class */
public class PermissionExpressionBuilder implements CheckInstantiator {
    private final EntityDictionary entityDictionary;
    private final ExpressionResultCache cache;
    private static final Expression SUCCESSFUL_EXPRESSION = OrExpression.SUCCESSFUL_EXPRESSION;
    public static final Expression FAIL_EXPRESSION = OrExpression.FAILURE_EXPRESSION;

    public PermissionExpressionBuilder(ExpressionResultCache expressionResultCache, EntityDictionary entityDictionary) {
        this.cache = expressionResultCache;
        this.entityDictionary = entityDictionary;
    }

    public <A extends Annotation> Expression buildSpecificFieldExpressions(PersistentResource persistentResource, Class<A> cls, String str, ChangeSpec changeSpec) {
        if (!this.entityDictionary.entityHasChecksForPermission(persistentResource.getResourceClass(), cls)) {
            return SUCCESSFUL_EXPRESSION;
        }
        Function<Check, Expression> leafBuilder = leafBuilder(persistentResource, changeSpec);
        Function function = function2 -> {
            return buildSpecificFieldExpression(PermissionCondition.create(cls, persistentResource, str, changeSpec), function2);
        };
        return (Expression) function.apply(leafBuilder);
    }

    public <A extends Annotation> Expression buildAnyFieldExpressions(PersistentResource persistentResource, Class<A> cls, ChangeSpec changeSpec) {
        if (!this.entityDictionary.entityHasChecksForPermission(persistentResource.getResourceClass(), cls)) {
            return SUCCESSFUL_EXPRESSION;
        }
        Function<Check, Expression> leafBuilder = leafBuilder(persistentResource, changeSpec);
        Function function = function2 -> {
            return buildAnyFieldExpression(PermissionCondition.create(cls, persistentResource, (String) null, changeSpec), function2, (RequestScope) persistentResource.getRequestScope());
        };
        return (Expression) function.apply(leafBuilder);
    }

    public <A extends Annotation> Expression buildUserCheckFieldExpressions(Class<?> cls, RequestScope requestScope, Class<A> cls2, String str) {
        if (!this.entityDictionary.entityHasChecksForPermission(cls, cls2)) {
            return SUCCESSFUL_EXPRESSION;
        }
        return buildSpecificFieldExpression(new PermissionCondition((Class<? extends Annotation>) cls2, cls, str), check -> {
            return new CheckExpression(check, null, requestScope, null, this.cache);
        });
    }

    public <A extends Annotation> Expression buildUserCheckAnyExpression(Class<?> cls, Class<A> cls2, RequestScope requestScope) {
        return buildAnyFieldExpression(new PermissionCondition((Class<? extends Annotation>) cls2, cls), check -> {
            return new CheckExpression(check, null, requestScope, null, this.cache);
        }, requestScope);
    }

    private Expression buildSpecificFieldExpression(PermissionCondition permissionCondition, Function<Check, Expression> function) {
        Class<?> entityClass = permissionCondition.getEntityClass();
        Class<? extends Annotation> permission = permissionCondition.getPermission();
        return new SpecificFieldExpression(permissionCondition, expressionFromParseTree(this.entityDictionary.getPermissionsForClass(entityClass, permission), function), expressionFromParseTree(this.entityDictionary.getPermissionsForField(entityClass, permissionCondition.getField().isPresent() ? permissionCondition.getField().get() : null, permission), function));
    }

    private Expression buildAnyFieldExpression(PermissionCondition permissionCondition, Function<Check, Expression> function, RequestScope requestScope) {
        Class<?> entityClass = permissionCondition.getEntityClass();
        Class<? extends Annotation> permission = permissionCondition.getPermission();
        Expression expressionFromParseTree = expressionFromParseTree(this.entityDictionary.getPermissionsForClass(entityClass, permission), function);
        OrExpression orExpression = new OrExpression(Expression.Results.FAILURE, null);
        List<String> allFields = this.entityDictionary.getAllFields(entityClass);
        Set<String> set = requestScope.getSparseFields().get(this.entityDictionary.getJsonAliasFor(entityClass));
        for (String str : allFields) {
            if (set == null || set.contains(str)) {
                orExpression = new OrExpression(orExpression, expressionFromParseTree(this.entityDictionary.getPermissionsForField(entityClass, str, permission), function));
            }
        }
        return new AnyFieldExpression(permissionCondition, expressionFromParseTree, orExpression);
    }

    public FilterExpression buildAnyFieldFilterExpression(Class<?> cls, RequestScope requestScope) {
        FilterExpression filterExpressionFromParseTree = filterExpressionFromParseTree(this.entityDictionary.getPermissionsForClass(cls, ReadPermission.class), cls, requestScope);
        if (filterExpressionFromParseTree == PermissionToFilterExpressionVisitor.FALSE_USER_CHECK_EXPRESSION || filterExpressionFromParseTree == PermissionToFilterExpressionVisitor.NO_EVALUATION_EXPRESSION || filterExpressionFromParseTree == PermissionToFilterExpressionVisitor.TRUE_USER_CHECK_EXPRESSION) {
            filterExpressionFromParseTree = null;
        }
        Set<String> set = requestScope.getSparseFields().get(this.entityDictionary.getJsonAliasFor(cls));
        FilterExpression filterExpression = filterExpressionFromParseTree;
        Iterator it = ((List) this.entityDictionary.getAllFields(cls).stream().filter(str -> {
            return set == null || set.contains(str);
        }).collect(Collectors.toList())).iterator();
        while (it.hasNext()) {
            FilterExpression filterExpressionFromParseTree2 = filterExpressionFromParseTree(this.entityDictionary.getPermissionsForField(cls, (String) it.next(), ReadPermission.class), cls, requestScope);
            if (filterExpressionFromParseTree2 == null && filterExpressionFromParseTree == null) {
                return null;
            }
            if (filterExpressionFromParseTree2 != null && filterExpressionFromParseTree2 != PermissionToFilterExpressionVisitor.FALSE_USER_CHECK_EXPRESSION) {
                if (filterExpressionFromParseTree2 == PermissionToFilterExpressionVisitor.NO_EVALUATION_EXPRESSION || filterExpressionFromParseTree2 == PermissionToFilterExpressionVisitor.TRUE_USER_CHECK_EXPRESSION) {
                    return null;
                }
                filterExpression = filterExpression != null ? new OrFilterExpression(filterExpression, filterExpressionFromParseTree2) : filterExpressionFromParseTree2;
            }
        }
        return filterExpression;
    }

    private Expression expressionFromParseTree(ParseTree parseTree, Function<Check, Expression> function) {
        if (parseTree == null) {
            return null;
        }
        return (Expression) new PermissionExpressionVisitor(this.entityDictionary, function).visit(parseTree);
    }

    private FilterExpression filterExpressionFromParseTree(ParseTree parseTree, Class cls, RequestScope requestScope) {
        if (parseTree == null) {
            return null;
        }
        return (FilterExpression) ((FilterExpression) new PermissionToFilterExpressionVisitor(this.entityDictionary, requestScope, cls).visit(parseTree)).accept(new FilterExpressionNormalizationVisitor());
    }

    private Function<Check, Expression> leafBuilder(PersistentResource persistentResource, ChangeSpec changeSpec) {
        return check -> {
            return new CheckExpression(check, persistentResource, persistentResource.getRequestScope(), changeSpec, this.cache);
        };
    }
}
